What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending,...

Full description

Bibliographic Details
Main Authors: Richard Henson, Joy Garfield
Format: Article
Language:English
Published: Athens Institute for Education and Research 2016-07-01
Series:Athens Journal of Business & Economics
Subjects:
data protection legislation
economics of information security
information security management systems
iso2700
sme
Online Access:https://www.athensjournals.gr/business/2016-2-3-5-Henson.pdf
id doaj-064cf527ce4d434292215dfccff2aef8
record_format Article
spelling doaj-064cf527ce4d434292215dfccff2aef82021-01-25T15:16:48ZengAthens Institute for Education and ResearchAthens Journal of Business & Economics2241-794X2016-07-012330331810.30958/ajbe.2-3-5What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?Richard Henson0Joy Garfield1Senior Lecturer in Computing, Worcester Business School, UKSenior Lecturer in Computing, Worcester Business School, UKSpending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.https://www.athensjournals.gr/business/2016-2-3-5-Henson.pdfdata protection legislationeconomics of information securityinformation security management systemsiso2700sme
collection DOAJ
language English
format Article
sources DOAJ
author Richard Henson
Joy Garfield
spellingShingle Richard Henson
Joy Garfield
What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
Athens Journal of Business & Economics
data protection legislation
economics of information security
information security management systems
iso2700
sme
author_facet Richard Henson
Joy Garfield
author_sort Richard Henson
title What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
title_short What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
title_full What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
title_fullStr What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
title_full_unstemmed What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?
title_sort what attitude changes are needed to cause smes to take a strategic approach to information security?
publisher Athens Institute for Education and Research
series Athens Journal of Business & Economics
issn 2241-794X
publishDate 2016-07-01
description Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.
topic data protection legislation
economics of information security
information security management systems
iso2700
sme
url https://www.athensjournals.gr/business/2016-2-3-5-Henson.pdf
work_keys_str_mv AT richardhenson whatattitudechangesareneededtocausesmestotakeastrategicapproachtoinformationsecurity
AT joygarfield whatattitudechangesareneededtocausesmestotakeastrategicapproachtoinformationsecurity
_version_ 1724323880484470784

Similar Items